Deepfake
What is Deepfake?
DeepfakeSynthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
Deepfakes use generative models — GANs, diffusion, and modern voice-cloning systems — to swap faces, clone voices, or fabricate entire scenes. Quality has improved fast enough that real-time video deepfakes were used in high-profile fraud cases such as the 2024 Arup incident, where attackers impersonated a CFO on a video call and authorised a USD 25 M transfer. Deepfakes drive vishing, sextortion, election interference, non-consensual intimate imagery, and identity-verification bypass. Defences combine technical detection (liveness checks, deepfake classifiers, C2PA content credentials), procedural controls (out-of-band verification of large transfers, codewords), legal regimes (EU AI Act, AI Disclosure Act drafts), and user awareness training.
● Examples
- 01
A video-call deepfake of an executive instructing finance staff to wire funds to a fraudulent account.
- 02
A cloned voice of a CEO leaving a voicemail asking an employee to bypass approval workflows.
● Frequently asked questions
What is Deepfake?
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not. It belongs to the AI & ML Security category of cybersecurity.
What does Deepfake mean?
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.
How does Deepfake work?
Deepfakes use generative models — GANs, diffusion, and modern voice-cloning systems — to swap faces, clone voices, or fabricate entire scenes. Quality has improved fast enough that real-time video deepfakes were used in high-profile fraud cases such as the 2024 Arup incident, where attackers impersonated a CFO on a video call and authorised a USD 25 M transfer. Deepfakes drive vishing, sextortion, election interference, non-consensual intimate imagery, and identity-verification bypass. Defences combine technical detection (liveness checks, deepfake classifiers, C2PA content credentials), procedural controls (out-of-band verification of large transfers, codewords), legal regimes (EU AI Act, AI Disclosure Act drafts), and user awareness training.
How do you defend against Deepfake?
Defences for Deepfake typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Deepfake?
Common alternative names include: AI-generated impersonation, Synthetic media impersonation.
● Related terms
- ai-security№ 1123
Synthetic Media
Any audio, image, video, or text content produced or substantially modified by generative AI rather than captured directly from the physical world.
- ai-security№ 026
AI Content Detection
Tools and techniques that estimate whether a piece of text, image, audio, or video was produced by an AI model rather than a human.
- ai-security№ 035
AI Watermarking
Techniques that embed a detectable signal into AI-generated content so its provenance, model of origin, or training-set membership can be verified later.
- attacks№ 1205
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
- ai-security№ 027
AI Governance
The policies, processes, roles, and controls organisations and regulators use to ensure AI systems are developed, deployed, and operated responsibly and lawfully.
● See also
- № 1021Sextortion
- № 1203Video Deepfake Attack
- № 036AI-Generated Disinformation
- № 137C2PA